Oracle released its Critical Patch Update for July 2022 in order to address 349 vulnerabilities across multiple products offered by the US-based third-largest software company. The patch update prevents remote attackers from gaining access to the system via those vulnerabilities.
The Certified Information Systems Auditor (CISA) provides certification after recognizing the standards of an IT auditor based on its knowledge, expertise, and skills in accessing vulnerabilities have urged the users and admins to review the Oracle July 2022 Critical Patch updates.
Oracle July 2022 Critical Patch Update is a collection of patches used for detecting multiple security vulnerabilities in Oracle code and third-party components introduced in Oracle products. Oracle has decided to create a Critical Patch due to periodic malware exploitation of vulnerabilities. Oracle reports that previously threat actors gained access to devices because the admin fails to apply an Oracle Patch.
The new Critical Patch contains 349 new security patches across all products. The Critical patches provide security for a wide range of Oracle products such as Oracle Database Server, Oracle Big Data Graph, Oracle Essbase, Oracle Global Lifecycle Management, Oracle GoldenGate, Oracle Graph Server and Client, Oracle REST Data Services, Oracle Spatial Studio, Oracle TimesTen In-Memory Database, Oracle Commerce, Oracle Communications Applications, Oracle Communications, Oracle Construction, and many more.
The company has advised admins and users to apply Oracle E-Business Suite CVE-2022-21500 released as May’s Critical Patch and at the same time to apply the July 2022 Critical Patch update for Oracle E-Business before applying the latest July patch. Oracle also stated on their blog, “Oracle strongly recommends that customers apply security patches as soon as possible. For customers that have skipped one or more Critical Patch Updates and are concerned about products that do not have security patches announced in this Critical Patch Update, please review previous Critical Patch Update advisories to determine appropriate actions.”
However, the company has also mentioned that the Critical Patch updates are viable for product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy and Oracle recommends all customers to upgrade the product version in an advance to apply all the patches.
The Oracle says that July will bring 349 new entries on the critical patch update. https://t.co/9XELoHJayM #Cybersecurity #InfoSec
— US-CERT (@USCERT_gov) July 21, 2022
